APT30 Analisi

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (7)

Sequenza temporale

Linguaggio

zh4
en4

Nazione

cn4
us4

Attori

APT301

Attività

Interesse

Sequenza temporale

Genere

Network Management Software2
Groupware Software2
Operating System2

Fornitore

Not Defined2
Microsoft2
Linux2

Prodotto

Zabbix2
Microsoft Exchange Server2
Linux Kernel2

Vulnerabilità

#VulnerabilitàBaseTemp0dayOggiSfrConEPSSCTICVE
1Combodo iTop config.php TestConfig escalazione di privilegi6.76.7$0-$5k$0-$5kNot DefinedNot Defined0.000890.04CVE-2018-10642
2Inter7 SqWebMail Error Message rivelazione di un 'informazione5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.005910.00CVE-2004-2313
3Softnext SPAM SQR escalazione di privilegi7.27.2$0-$5k$0-$5kNot DefinedNot Defined0.001430.04CVE-2023-24835
4Microsoft Exchange Server Privilege Escalation8.87.7$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.012580.00CVE-2021-28482
5Linux Kernel z90crypt_unlocked_ioctl escalazione di privilegi5.95.6$5k-$25k$0-$5kProof-of-ConceptNot Defined0.000420.02CVE-2009-1883
6Zabbix Dashboard Page autenticazione debole8.28.2$0-$5k$0-$5kProof-of-ConceptNot Defined0.355200.00CVE-2019-17382

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDindirizzo IPHostnameAttoreCampagneIdentifiedGenereFiducia
15.1.0.295-1-0-29.datagroup.uaAPT3026/12/2020verifiedAlto
2XXX.XXX.XX.XXXXxxxx19/02/2024verifiedAlto
3XXX.XXX.X.XXXXxxxx24/12/2020verifiedAlto
4XXX.XXX.XXX.XXXXxxxx19/02/2024verifiedAlto

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitàAccesso al vettoreGenereFiducia
1T1059CWE-94Argument InjectionpredictiveAlto
2TXXXXCWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveAlto
3TXXXXCWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveAlto
4TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveAlto

IOA - Indicator of Attack (2)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClasseIndicatorGenereFiducia
1Fileweb/env-production/itop-config/config.phppredictiveAlto
2Filexxxxxx.xxx?xxxxxx=xxxxxxxxx.xxxx&xxxxxxxxxxx=xpredictiveAlto

Referenze (4)

The following list contains external sources which discuss the actor and the associated activities:

PrecedenteVisione D'insiemeIl prossimo

Do you want to use VulDB in your project?

Use the official API to access entries easily!